VYPR
Medium severity6.6GHSA Advisory· Published May 17, 2024· Updated Apr 15, 2026

CVE-2024-5042

CVE-2024-5042

Description

A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/submariner-io/submariner-operatorGo
>= 0.16.0-m0, < 0.16.40.16.4
github.com/submariner-io/submariner-operatorGo
>= 0.17.0-m0, < 0.17.20.17.2
github.com/submariner-io/submariner-operatorGo
< 0.15.40.15.4
github.com/submariner-io/submariner-operatorGo
>= 0.18.0-m0, < 0.18.0-rc00.18.0-rc0

Affected products

2

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.